macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions, the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and […]
Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.
Also: NodeCordRAT Malware, North Korean QR-Phishing CampaignThis week, U.K. crypto exchanges linked to Iranian sanctions evasion, NodeCordRAT malware spread via npm, an FBI alert on North Korean QR-code phishing, illicit crypto hit $154 billion in 2025 and U.S. President Donald Trump said he won't pardon Sam Bankman-Fried.
Justice Department Secures Guilty Pleas, $15M in Civil ForfeitureFederal prosecutors charged U.S. citizens and foreign nationals for aiding North Korean IT workers in infiltrating U.S. firms, laundering crypto and funneling illicit revenue back to Pyongyang’s weapons program in what the DOJ has described as a major sanctions-evasion scheme.
State, Criminal Hackers Use Blockchain Technique to Evade TakedownsGoogle's Threat Intelligence Group found hacking groups like North Korea's UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle.
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development
Also: Dismantling a 460 Million Euro Crypto Fraud NetworkThis week, a peek into Iran's largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M ponzi scheme and a North Korean crypto theft and employment fraud ring.
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader
The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
Researches Find Deep Ties to North Korea Among Fake IT Services Firms WebsitesNorth Korean state actors are using fake websites of foreign technology services firms sidestep sanctions and raise funding for Kim Jong-un regime's weapons development programs. SentinelLabs found many of these sites shared similar infrastructure, owners and locations.
The North Korean state-sponsored hacking group tracked as 'Andariel' has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. [...]
Fraudsters based in the US and Europe indicted for helping North Korea's nation-state groups establish fake freelancer identities and evade sanctions.
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN
The U.S. government has announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world, evade sanctions, and fund the country's ballistic missile program
Brit and Spaniard face 20 years behind bars if found guilty
A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country